Free Malware Removal Forum


Let the program run unhindered and reboot the PC when it is done. When the computer reboots, and you start your usual account, a Notepad text file will appear.

Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Then, please proceed with the last step from my previous instruction (I repeated it here):

Step 2. SystemLook

You should still have SystemLook_x64.exe on your desktop.

Right click on SystemLook_x64.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it. If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.

Highlight and copy the following entries: into SystemLook's main text entry window. (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)

Press the Look button to start the scan. Please be patient - it may take a while... When finished, a Notepad window will open with the results of the scan. A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt

Please post the contents of the SystemLook.txt file in your next reply.

And finally here, I would like to see the fresh OTL scan log:

Step 3. Fresh OTL Scan

You should still have OTL.exe on your desktop.

Important! Close all applications and windows so that you have nothing open and are at your Desktop.

Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.

Under Output, ensure that Standard Output is selected.

Check the boxes labeled:

Include 64 bit scans

Scan All Users

LOP check

Extra Registry > Use SafeList

Click on Run Scan at the top left hand corner.

When done, one Notepad file OTL.txt <-- Will be opened, maximized

Please post the content of OTL.txt file ONLY in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:

Do you have any problems executing the instructions?

Contents of the most recent C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run

Contents of the SystemLook.txt log file

Contents of a OTL.txt log file after OTL fresh scan

Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed

Files\Folders moved on Reboot...
C:\Users\Rohit\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Rohit\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.

Let the program run unhindered and reboot the PC when it is done. When the computer reboots, and you start your usual account, a Notepad text file will appear.

Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2. ESET NOD32 Online Scan

Firstly please Disable any Antivirus you have active, as shown in This topic. If active, it could impact the online scan.

Do NOT use the computer while the scan is running! Make sure all other programs and windows are closed!

You need to right-click on the Internet Explorer or Firefox icons on the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

If you are using Google Chrome or Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted. Then double click on it to install.

If you are using Internet Explorer please read the End User License Agreement and check the box: Yes, I accept the terms of use. Then click the green Start button.

Accept any security warnings from your browser and allow the download/installation of any required files. If your browser blocks or halts a download, please allow it to download any required files.

Under scan settings:

Check "Scan archives"

UNCHECK "Remove found threats"

Click Advanced settings and select the following:

Scan potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth technology

Click the Start button. ESET will install itself, download virus signature database updates and begin scanning your computer. The scan will take a while so please be patient. Do NOT use the computer while the scan is running!

When the scan completes, please press the text:

Press the text: , then save the file to your desktop as ESETScan.txt.

Press the Back button, then press the Finish button.

Copy and paste the contents of ESETScan.txt in your next reply.

Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.

Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:

Do you have any problems executing the instructions?

Contents of the most recent C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run

Contents of the ESETScan.txt log file

Do you see any changes in computer behavior?

Thanks,
pgmigg

Files\Folders moved on Reboot...
C:\Users\Rohit\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Rohit\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A410F21-553F-11d1-8E5E-00A0C92C9D5D}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A410F21-553F-11d1-8E5E-00A0C92C9D5D}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2D79DF7-3400-11d0-B40B-00AA005FF586}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2D79DF7-3400-11d0-B40B-00AA005FF586}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D2D79DF7-3400-11d0-B40B-00AA005FF586}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2D79DF7-3400-11d0-B40B-00AA005FF586}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3A410F21-553F-11d1-8E5E-00A0C92C9D5D}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A410F21-553F-11d1-8E5E-00A0C92C9D5D}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D2D79DF7-3400-11d0-B40B-00AA005FF586}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2D79DF7-3400-11d0-B40B-00AA005FF586}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3A410F21-553F-11d1-8E5E-00A0C92C9D5D}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A410F21-553F-11d1-8E5E-00A0C92C9D5D}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2D79DF7-3400-11d0-B40B-00AA005FF586}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2D79DF7-3400-11d0-B40B-00AA005FF586}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3A410F21-553F-11d1-8E5E-00A0C92C9D5D}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A410F21-553F-11d1-8E5E-00A0C92C9D5D}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{D2D79DF7-3400-11d0-B40B-00AA005FF586}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2D79DF7-3400-11d0-B40B-00AA005FF586}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{3A410F21-553F-11d1-8E5E-00A0C92C9D5D}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A410F21-553F-11d1-8E5E-00A0C92C9D5D}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{D2D79DF7-3400-11d0-B40B-00AA005FF586}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2D79DF7-3400-11d0-B40B-00AA005FF586}\ not found.

C. Scan found nothing.

D. Yes, there is no idm download option when trying to download things now. Also when I right clicked inside a browser there would be two internet download manager options to do something, but those are gone as well so that's good.

Btw this thought also occurred to me. I also have an external hard drive that I use sometimes. It's not always connected because this is a laptop and I haven't used it in a few days. Should I have it connected during these scans?

Btw this thought also occurred to me. I also have an external hard drive that I use sometimes. It's not always connected because this is a laptop and I haven't used it in a few days. Should I have it connected during these scans?

Actually, not. All the infections your computer had were mostly concentrated in the system area and inside some directories on disk C.

Right now we will return to the MBAM issue. To install it properly again, we need to remove/clean the rest of the previous installations.

Please close all open applications and temporarily shutdown your antivirus to avoid any conflicts when running the tool.

Locate the file mbam-clean.exe and double-click to run it and follow the onscreen prompts.

It will ask to restart your computer, please allow it to do so <- very important

After the computer restarts, ensure that your antivirus is enabled and download the latest version of Malwarebytes Anti-Malware from here and save it to your Desktop.

Now close all open applications including your browser and again temporarily disable your antivirus as before and launch the Malwarebytes installer you just downloaded.

If you have never tried the PREMIUM version Trial and wish to do so then leave the Trial checkmark enabled otherwise please make sure to uncheck the Trial checkmark near the end of the installation if you do not wish to try the PREMIUM version features for 14 days.

Please make sure you check for updates at the end of the installation as well.

Make sure you have re-enabled your Anti-Virus/Internet-Security applications

Your latest set of logs appear to be clean!

This is my general post for when your logs show no more signs of malware. Before I give you instructions how to keep your computer clean and secure, you need to make a few additional steps.

Step 1. OTL - Run Safe Script

You should still have OTL on your desktop.

Important! Close all applications and windows so that you have nothing open and are at your Desktop.

Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.

Copy and Paste the following code into the text box. (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)

I followed the instructions exactly. And I was able to install mbam. And it worked. It opened up. So then I went to my task bar to re-enable my AV which it did. But then my task bar started freezing. And there was a loading icon for my cursor whenever I moved it to the task bar. I waited a little bit but it didn't go away so I decided to restart my PC but had to do a hard reboot. Then when the PC restarted my task bar again wasn't responding. Did another reboot. This time the Windows log in took longer than usual and there was just a black screen with a cursor. Another reboot and stuck at Windows log in screen after entering password. So I just let it keep loading. It took so long I left and came back and PC had shut off. It also keeps freezing if I shut down from log in. I've had this problem before and it just went away. But for now I can't even log in.

I think I need to do a system restore. Don't know where to do it from though.

Edit: I was able to log in normally... Task bar still freezing though... Actually it's not just task bar, it's also stuck loading when I press a program.

I followed the instructions exactly. And I was able to install mbam. And it worked. It opened up. So then I went to my task bar to re-enable my AV which it did.

Very good - I am glad to read it!

But then my task bar started freezing. And there was a loading icon for my cursor whenever I moved it to the task bar. I waited a little bit but it didn't go away so I decided to restart my PC but had to do a hard reboot. Then when the PC restarted my task bar again wasn't responding. Did another reboot. This time the Windows log in took longer than usual and there was just a black screen with a cursor. Another reboot and stuck at Windows log in screen after entering password. So I just let it keep loading. It took so long I left and came back and PC had shut off. It also keeps freezing if I shut down from log in. I've had this problem before and it just went away. But for now I can't even log in.

From the beginning of this thread I suspected that your computer had some problems that are different from infection issues. It looks like I was right, unfortunately...

Will post the next set of instructions in a while...

Thanks,
pgmigg

To Install CCleaner:

Caution: Make sure to UNCHECK any other software install offers, before installing CCleaner.

Right-click on ccsetup415.exe icon on your desktop and select "Run As Administrator..." to run it. If prompted by UAC, please allow it.

Press the "Next" button on Welcome to the CCleaner v4.15 Setup screen after selecting a language.

Click "I Agree"...(License Agreement) if prompted.

Click "Next" for default install location if prompted. The default is set to C:\Program Files\CCleaner. Unless you want it installed elsewhere, just leave it.

Check the "Install Options" you want or leave the existing marks.

Click "Install".

Uncheck View Release notes and click "Finish" when prompted.

To Run CCleaner:

Right-click on CCleaner desktop icon and select "Run As Administrator..." to run it. If prompted by UAC, please allow it.

Select and click Tools on the left Pane.

Select and click Startup.

Select and click Save to text file... button on the right bottom corner and save startup.txt on your Desktop.

Close CCleaner when finished.

Locate the startup.txt file, open it with Notepad, copy the contents of that file, and post it in your next reply.

Step 2. Scan with FRST

Please download FRST ... by Farbar, from the link For 64-bit Systems and save it to your Desktop.

Right-click FRST.exe and select "Run as administrator..." to run it.

When the tool opens click Yes to the disclaimer.

Check the box labeled List BCD under Optional Scan.

Press Scan button. ... When finished a log file FRST.txt will be created.

The first time the tool is run, it will create another log... Addition.txt.

Please post the content of both FRST.txt and Addition.txt in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:

Do you have any problems executing the instructions?

Contents of the startup.txt file

Contents of the FRST.txt file

Contents of the Addition.txt file

Do you see any changes in computer behavior?

Thanks,
pgmigg